d tbsky
2015-Nov-16 09:23 UTC
[Samba] will bad things happen if samba4 AD not binding 127.0.0.1?
2015-11-16 17:08 GMT+08:00 Andrew Bartlett <abartlet at samba.org>:

> On Sun, 2015-11-15 at 23:49 +0800, d tbsky wrote:
> > hi:
> > my company has two dns servers, but samba4 internal dns forward can only
> > forward to 1 server.
> > to workaround it i run dnsmasq as dns cache at 127.0.0.1 and let samba4
> > dns forward to 127.0.0.1.
> > my smb.conf looks like:
> >
> > dns forwarder = 127.0.0.1
> > interfaces = 10.1.1.1
> > bind interfaces only = Yes
> >
> > with the setting samba won't bind to 127.0.0.1, so dnsmasq can use
> > 127.0.0.1 to do the work.
> > my /etc/resolv.conf points to 10.1.1.1 (samba internal dns)
> >
> > everything seems to work fine. but I want to make sure if this kind of
> > setup is safe?
> > if it is safe then I don't need to create another virtual interface just
> > for dnsmasq.
> > thanks a lot for help!!
>
> It should be OK, and seems like the best workaround so far for the lack
> of multiple DNS forwarders.
>
> Samba shouldn't be making assumptions about what it is bound to beyond
> the 'interfaces' line with the 'bind interfaces only' setting.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

hi:

thanks for the confirm. according to the man page, there may be some
program hard-code to 127.0.0.1 or localhost (smbpasswd). I just hope there
is no such hard-code in AD DC code.

Regards,
tbskyd

Andrew Bartlett
2015-Nov-17 09:02 UTC
[Samba] will bad things happen if samba4 AD not binding 127.0.0.1?
On Mon, 2015-11-16 at 17:23 +0800, d tbsky wrote:

> hi:
>
> thanks for the confirm. according to the man page, there maybe some
> program hard-code to 127.0.0.1 or localhost (smbpasswd). I just hope
> there is no such hard-code in AD DC code.

The non-root smbpasswd password change mode is the only instance I know
of like this. Our selftest environment also does not bind to
127.0.0.1, so this is an entirely reasonable thing to do.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT
http://catalyst.net.nz/services/samba

d tbsky
2015-Nov-17 11:26 UTC
[Samba] will bad things happen if samba4 AD not binding 127.0.0.1?
2015-11-17 17:02 GMT+08:00 Andrew Bartlett <abartlet at samba.org>:

> On Mon, 2015-11-16 at 17:23 +0800, d tbsky wrote:
> > hi:
> >
> > thanks for the confirm. according to the man page, there maybe some
> > program hard-code to 127.0.0.1 or localhost (smbpasswd). I just hope
> > there is no such hard-code in AD DC code.
>
> The non-root smbpasswd password change mode is the only instance I know
> of like this. Our selftest environment also does not bind to
> 127.0.0.1, so this is an entirely reasonable thing to do.
>
> Andrew Bartlett

got it. thanks again for your information!!

Regards,
tbskyd
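
The layout discussed in this thread can be checked mechanically before a restart. The following is an added example, not part of the thread or of Samba: the function name `check_forwarder_layout` and the `[global]` wrapper around the three quoted settings are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the three settings quoted in the thread, under [global].
SAMPLE_SMB_CONF = """
[global]
dns forwarder = 127.0.0.1
interfaces = 10.1.1.1
bind interfaces only = Yes
"""


def check_forwarder_layout(conf_text):
    """Return the reasons a local DNS cache on the 'dns forwarder' address
    could not coexist with Samba's internal DNS (empty list means none found)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    g = cp["global"]

    try:
        fwd_ip = ipaddress.ip_address(g.get("dns forwarder", "").strip())
    except ValueError:
        return ["'dns forwarder' is missing or not a single IP address"]

    problems = []
    # The thread relies on this setting to keep Samba off 127.0.0.1.
    if not g.getboolean("bind interfaces only", fallback=False):
        problems.append("'bind interfaces only' is not enabled")

    for token in g.get("interfaces", "").split():
        if token == "lo" or token.startswith("lo:"):
            covered = fwd_ip.is_loopback
        else:
            try:
                # Accepts both "10.1.1.1" and "10.1.1.1/24" forms.
                covered = ipaddress.ip_interface(token).ip == fwd_ip
            except ValueError:
                continue  # other interface names cannot be resolved offline
        if covered:
            problems.append(f"'interfaces' entry {token} makes Samba bind {fwd_ip}")
    return problems


if __name__ == "__main__":
    print(check_forwarder_layout(SAMPLE_SMB_CONF) or "layout is consistent")
```
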